Palo Alto Networks Knowledgebase: DotW: User-ID for Microsoft Exchange Server Permission Issue
Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:00 AM
This week's discussion focuses on user "SabreAce33" asking whether Microsoft Exchange Server requires additional permissions when used with User-ID. He is running an agent-based User-ID setup against three Microsoft Active Directory (AD) domain controllers (DCs) and two Microsoft Exchange Client Access Servers (CAS). Despite having Event Log Reader permissions, the agent cannot get data from the Microsoft Exchange Servers: it reads the DCs fine, but the Exchange Servers show either 'connecting' or 'connecting (a required privilege is not held by the agent)'.
User "scottsander" confirmed that, because Microsoft Exchange Server is different from Microsoft AD, two additional steps are needed to fix the issue:
1. Grant the User-ID agent service account the 'Enable Account' and 'Remote Access' permissions on the Common Information Model v2 (CIMv2) WMI namespace on the Microsoft Exchange Client Access Servers.
2. Add the service account to the local 'Event Log Readers' and 'Distributed COM Users' groups on the Microsoft Exchange CAS.
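The two steps above, scripted in PowerShell as an added example (this is not from the original article or from Palo Alto Networks; it is one way to apply the fix so it can be repeated on every CAS). It is run from an elevated PowerShell session on the Exchange Client Access Server itself. The service account name is an assumed placeholder. In wmimgmt.msc the WMI right the article calls 'Remote Access' is labelled 'Remote Enable'; its access-mask constant is WBEM_REMOTE_ACCESS (0x20), and 'Enable Account' is WBEM_ENABLE (0x1).

```powershell
# Added example, not part of the original Knowledgebase article.
# Run in an elevated PowerShell session on each Exchange Client Access Server.
$ServiceAccount = 'CONTOSO\svc-userid'   # assumed placeholder: the User-ID agent's service account
$Namespace      = 'root\cimv2'           # the CIMv2 WMI namespace named in the article

# --- Step 1: 'Enable Account' + 'Remote Enable' on the CIMv2 namespace ---------
# WMI namespace rights are bits in an ACE access mask; the agent needs only these two.
$WBEM_ENABLE             = 0x01   # 'Enable Account' in wmimgmt.msc
$WBEM_REMOTE_ACCESS      = 0x20   # shown as 'Remote Enable' in wmimgmt.msc
$ACCESS_ALLOWED_ACE_TYPE = 0x0
$CONTAINER_INHERIT_ACE   = 0x2    # also apply to sub-namespaces of root\cimv2
$Needed = $WBEM_ENABLE -bor $WBEM_REMOTE_ACCESS

# Resolve the account to its SID; the ACE trustee carries the binary SID.
$ntAccount = New-Object System.Security.Principal.NTAccount($ServiceAccount)
$sid       = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier])
$sidBytes  = New-Object byte[] $sid.BinaryLength
$sid.GetBinaryForm($sidBytes, 0)

# Read the namespace's current security descriptor.
$current = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($current.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed with $($current.ReturnValue)" }
$descriptor = $current.Descriptor

# Idempotent re-runs: skip if an allow ACE for this SID already grants both bits.
$alreadyGranted = $descriptor.DACL | Where-Object {
    $_.Trustee.SIDString -eq $sid.Value -and
    $_.AceType -eq $ACCESS_ALLOWED_ACE_TYPE -and
    (($_.AccessMask -band $Needed) -eq $Needed)
}

if ($alreadyGranted) {
    Write-Host "$ServiceAccount already has Enable Account + Remote Enable on $Namespace"
} else {
    # Build the trustee and a minimal allow ACE, then append it to the DACL.
    $trustee = (Get-WmiObject -Namespace $Namespace -Class Win32_Trustee -List).CreateInstance()
    $trustee.SID       = $sidBytes
    $trustee.SIDString = $sid.Value

    $ace = (Get-WmiObject -Namespace $Namespace -Class Win32_ACE -List).CreateInstance()
    $ace.AccessMask = $Needed
    $ace.AceFlags   = $CONTAINER_INHERIT_ACE
    $ace.AceType    = $ACCESS_ALLOWED_ACE_TYPE
    $ace.Trustee    = $trustee

    $descriptor.DACL += $ace.PSObject.ImmediateBaseObject
    $result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' `
                               -Name SetSecurityDescriptor `
                               -ArgumentList $descriptor.PSObject.ImmediateBaseObject
    if ($result.ReturnValue -ne 0) { throw "SetSecurityDescriptor failed with $($result.ReturnValue)" }
    Write-Host "Granted Enable Account + Remote Enable on $Namespace to $ServiceAccount"
}

# --- Step 2: local group membership on the CAS --------------------------------
foreach ($group in 'Event Log Readers', 'Distributed COM Users') {
    $member = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
              Where-Object { $_.Name -eq $ServiceAccount }
    if (-not $member) {
        Add-LocalGroupMember -Group $group -Member $ServiceAccount
        Write-Host "Added $ServiceAccount to local group '$group'"
    } else {
        Write-Host "$ServiceAccount is already in local group '$group'"
    }
}
```

The ACE deliberately grants only the two bits the agent needs rather than full namespace control, and the script checks the existing DACL first so it can be re-run safely. To confirm the fix from the agent's side, query the CAS remotely as the service account (for example `Get-WmiObject -Namespace root\cimv2 -Class Win32_OperatingSystem -ComputerName <CAS> -Credential <service account>`) and check that the User-ID agent's server status leaves 'connecting'.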